Skip to main content

Security verification

When authenticated users attempt sensitive or high-risk actions—such as changing their password, making a payment, or accessing sensitive information like paychecks or bank account details—additional security measures are essential. This flow is especially critical in sensitive applications like banking, healthcare, and government services.

This process, known as security verification, requires users to re-verify their identity to confirm they are the authorized account holder. By implementing security verification, the system reinforces protection against unauthorized access, adding a critical layer of security for high-risk actions and helping safeguard sensitive data.

Implement security verification by Account API

note:

Remember to enable Account API first, and get the access_token for the user.

Password verification

When users attempt to change their password, the system should prompt them to re-enter their current password to verify their identity. This step ensures that only the authorized account holder can change the password, preventing unauthorized access to the account.

methodpathdescription
POST/api/verifications/password/verifyVerify current user password.

Email/SMS one-time code verification

Send a verification code to the user’s email or phone number and prompt them to enter the code to confirm their identity. These endpoints can be used to verify a user’s identity or to confirm ownership of a specific email or phone number. This verification step is highly recommended when a user attempts to link a new email address or phone number to their account, ensuring the authenticity of the information provided.

methodpathdescription
POST/api/verifications/verification-codeSend email or phone number verification code.
POST/api/verifications/verification-code/verifyVerify email or phone number by verification code.